Share Article

Recent Data Breaches and Malware Attacks Have Fundamentally Changed the Risk Environment for Financial Institutions, Requiring a New Approach to Authentication

San Jose, CA (PRWEB)April 09, 2015

ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces several strategies for financial institutions to accurately authenticate customers and employees in alignment with joint statements released by the Federal Financial Institutions Examination Council (FFIEC) on compromised credentials and destructive malware.

As a result of growing destructive malware attacks and recent successful data breaches directed at banks, retailers and health providers, the risk environment for businesses operating online has fundamentally changed. To help financial institutions navigate this change, the FFIEC released joint statements that address dealing with stolen identities and the heightened risks of destructive malware that, in combination, represent a credible threat to business operations and the financial system as a whole.

“We’re not even halfway through the year and we’ve already seen data breaches of two major healthcare providers, Anthem and Premera, compromise the information of more than 90 million people,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “As the prevalence of personal data being breached continues to grow, financial institutions need a new approach to authentication and digital identity assessment.”

According to ThreatMetrix, the key takeaways for both FFIEC joint statements can be summarized as:

Compromised Credentials – Banks can no longer trust static identities of a user attempting a login or transaction, whether it is an employee or administrator, and especially if it is a customer. Even if a bank’s own internal systems are impenetrable, their customers and employees are not.

Destructive Malware – Banks need to continuously evaluate the health and risk of devices being used to access data or perform a transaction, irrespective of whether the device is an employee accessing services remotely from their tablet, or a sanctioned locked-down PC.

Shared Intelligence – In order to proactively counter these two combined threats financial institutions need to look beyond their firewalls to share actionable threat intelligence about unauthorized account access attempts and attack patterns.

“Forget Bitcoin, our digital identities are the cyber currency that are powering the underworld,” said Faulkner. “Unlike credit cards that can be replaced, stolen identities and compromised devices are the gift that keeps on giving – pieces of a user’s digital identity can be used over and over again, with each attack increasing in sophistication on a daily basis. Combining stolen identities, compromised devices and newer device spoofing tools like AntiDetect and FraudFox, hackers can routinely bypass first generation authentication technologies still installed at banks. Financial institutions need new ways of assessing digital identities by leveraging global shared intelligence to detect when personal information and devices are being used illegitimately. When one financial institution’s network is breached, every financial institution becomes the target of the digital debris.”

Layered Approach – Rather than providing “Bigger Data,” which creates too many alerts to act upon quickly, The Network uses pin-point decision analytics that assess devices, threats, personas and behavior across its anonymized digital identity network to accurately identify cybercriminals in real time without added customer friction.

In an environment where financial institutions must assume digital identities and devices are compromised before authenticating logins or transactions, The Network delivers real-time intelligence, providing businesses with consistent risk assessments of data and creating unique digital identities for users by mapping their online behaviors and devices to protect customers from fraudulent transactions.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.